May 5, 2017 - Use the Unix NIS domain as the domain name in the configuration. On the AD server, create a group for the Linux users. Open Administrative.
Thanks for the suggestions. As I mentioned in the original post, Windows Services for Unix is going to be EOL soon, but I found the replacement for anyone that's interested. In Windows Server 2008 R2 you need to install the feature 'Subsystem for UNIX-based applications'. Secondly, under Roles Active Directory Domain Services you need to install 'Identity Management for Unix'. Once these are installed each user will have some extra Unix attributes :) The LDAP mapping for /etc/ldap.conf is as follows:

    # RFC 2307 (AD) mappings
    nss_map_objectclass posixAccount user
    nss_map_objectclass shadowAccount user
    nss_map_attribute uid sAMAccountName
    nss_map_attribute homeDirectory unixHomeDirectory
    nss_map_attribute shadowLastChange pwdLastSet
    nss_map_objectclass posixGroup group
    nss_map_attribute uniqueMember member
    pam_login_attribute sAMAccountName
    pam_filter objectclass=User
    pam_password ad

The joys of interoperability.

@alharaka - I'm just using the Open version. I picked up on Likewise only recently as I was using VMware's ESX Management Assistant Server virtual appliance. Since the permissions for managing VMs are set through AD on our system, I needed to allow staff to log in to the Assistant Server with their AD logins. It works well for that. As far as I can tell it is using LDAP, and allows login, which is what the OP asked for. Can't comment on the features of the Enterprise version, but it seems like a well maintained and documented project. – Oct 19 '10 at 7:48
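As an added example (not code from the thread or from nss_ldap), the sketch below applies the RFC 2307 (AD) mappings from the answer above to constructed AD entries, showing which AD attributes must be populated before a user resolves as a Unix account and why pwdLastSet needs a unit conversion before it can stand in for shadowLastChange. The entries, the choice of required attributes and all function names are assumptions made for illustration.

```python
# Added example; both directory entries are constructed sample data.
MAPPING = """\
nss_map_objectclass posixAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
"""
AD_USER = {"objectClass": ["top", "person", "user"], "sAMAccountName": "jdoe",
           "uidNumber": "10001", "gidNumber": "10000", "loginShell": "/bin/bash",
           "unixHomeDirectory": "/home/jdoe", "pwdLastSet": "131384160000000000"}
# Same AD schema, but the Unix attributes were never filled in for this user.
AD_USER_NO_UNIX = {"objectClass": ["top", "person", "user"],
                   "sAMAccountName": "asmith", "pwdLastSet": "0"}

def parse_mapping(text):
    """Return {(directive, rfc2307_name): ad_name} from nss_map_* lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("nss_map_attribute", "nss_map_objectclass"):
            table[(parts[0], parts[1])] = parts[2]
    return table

def filetime_to_shadow_days(filetime):
    """pwdLastSet counts 100 ns ticks since 1601-01-01; shadow wants days since 1970."""
    ticks = int(filetime)
    if ticks == 0:  # AD: must change at next logon; shadow(5) uses 0 the same way
        return 0
    return ticks // 864_000_000_000 - 134_774  # 134774 days from 1601 to 1970

def resolve_account(entry, table):
    """Return (passwd_line, shadow_last_change_days, missing_ad_attributes)."""
    def ad(name):  # RFC 2307 name -> attribute name actually stored in AD
        return table.get(("nss_map_attribute", name), name)
    wanted = table.get(("nss_map_objectclass", "posixAccount"), "posixAccount")
    if wanted not in entry.get("objectClass", []):
        return None, None, ["objectClass=" + wanted]
    # Assumption of this example: these four are required, loginShell is optional.
    required = ["uid", "uidNumber", "gidNumber", "homeDirectory"]
    missing = [ad(n) for n in required if ad(n) not in entry]
    if missing:
        return None, None, missing
    uid, uidn, gidn, home = (entry[ad(n)] for n in required)
    line = f"{uid}:x:{uidn}:{gidn}::{home}:{entry.get(ad('loginShell'), '')}"
    days = filetime_to_shadow_days(entry.get(ad("shadowLastChange"), "0"))
    return line, days, []

if __name__ == "__main__":
    table = parse_mapping(MAPPING)
    for user in (AD_USER, AD_USER_NO_UNIX):
        print(resolve_account(user, table))
```
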
You might want to read the Microsoft document using Windows Services for Unix (WSfU). This link includes documentation.
From the link: Volume 2: Solutions Using Kerberos Authentication (End States 1 and 2). Describes implementation of End States 1 and 2 using different technology approaches. In End State 1, UNIX clients use Active Directory Kerberos for authentication but continue to use an existing UNIX-based data store for authorization. In End State 2, UNIX clients use Active Directory Kerberos for authentication and Active Directory LDAP for authorization.

Let us know if it works for you; I am very interested in implementing such a thing for Linux projects.

Check out Centrify, which provides a native agent for connecting directly to AD on hundreds of different flavors of UNIX or Linux (or OS X).
There is a free product that includes authentication support for PAM, NSS and Kerberos clients. In addition they have a free Windows application for deploying to and managing remotely many servers at once. The for-pay suites include group policy, access control, authorization, privileged user management, reporting, user session recording/audit, encryption/authentication of data on the wire and much more. Used in production on a big chunk of the Fortune 2000 UNIX and Linux servers.

Corey - a Centrify product manager.